Oscar Gosdinski wrote:
Instead of using a hash if the password string, i prefer to save the
following in the password field of my user's table:
md5($user . $password)
This is a good idea, IMHO of course.
There are some md5 databases around that can be used to get the
cleartext
Hello.
I got a password protected login script of t'internet a while back and
have implemented it. I just want to make sure it is secure. I am aware
that the password is stored directly in the database and I don't think
this is a good thing. If the following could be looked at to see if
On 3/14/06, IG [EMAIL PROTECTED] wrote:
Hello.
I got a password protected login script of t'internet a while back and
have implemented it. I just want to make sure it is secure. I am aware
that the password is stored directly in the database and I don't think
this is a good thing. If the
On 3/14/06, IG [EMAIL PROTECTED] wrote:
Hello.
I got a password protected login script of t'internet a while back and
have implemented it. I just want to make sure it is secure. I am aware
that the password is stored directly in the database and I don't think
this is a good thing. If the
On 14/03/06, IG [EMAIL PROTECTED] wrote:
Hello.
I got a password protected login script of t'internet a while back and
have implemented it. I just want to make sure it is secure.
It's not.
1. It only works with register_globals turned on. Not a good idea -
register_globals has been off by
- Original Message -
From: Anthony Ettinger [EMAIL PROTECTED]
You should encrypt the password in the database, with a one-way hash,
then you simply compare what's in your db to what the login form
submits.
That way if you get hacked, or your admin goes postal, you won't have
people's
Instead of using a hash if the password string, i prefer to save the
following in the password field of my user's table:
md5($user . $password)
There are some md5 databases around that can be used to get the
cleartext password from the hash if your database is compromised, if
you use this method
7 matches
Mail list logo